Don’t Shoot the Messenger, Fire the Chief Compliance Officer

He did so because “There is no other position in a company which has taken on more significance.”

This significance was foretold, in part, by the Department of Justice’s (DOJ) minimum best practices compliance program, where they have listed in each Deferred Prosecution Agreement (DPA) and Non-Prosecution Agreement (NPA) released beginning in 2010 and continuing into 2011, the following:

“Senior Management Oversight and Reporting. A Company should assign responsibility to one or more senior corporate executives of the Company for the implementation and oversight of the Company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to the Company’s Legal Counsel or Legal Director as well as the Company’s independent monitoring bodies, including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.”

In November 2010, the US Sentencing Guidelines were also amended to make the role of the CCO more robust and allow direct reporting to a Board of Directors or subcommittee of the Board.

The amendment read “the individual…with operational responsibility for the compliance and ethics program…have direct reporting obligations to the governing authority or any appropriate subgroup… (e.g. an audit committee or the board of directors)”.

If a company has the CCO reporting to the General Counsel (GC) who then reports to the Board? Such structure may not qualify as an effective compliance and ethics program under the amended Sentencing Guidelines.

These two bits of guidance came to mind when reading about MF Global over the past few weeks, regarding its Chief Risk Officer, the financial services equivalent of a CCO.

As reported on December 15, in a New York Times (NYT) article entitled “MF Global’s Risk Officer Said to Lack Authority” Ben Protess and Azam Ahmed reported that the company replaced its Chief Risk Officer, Michael Roseman, earlier in 2011, after he “repeatedly clashed with Mr. Corzine [the CEO] over the firm’s purchase of European sovereign debt.”

He was given a large severance package and left the company. When he left, there was no public reason given. His replacement was brought into the position with reduced authority.

Writing in the December 16, edition of the NYT’s DealB%K, in an article entitled “Another View: MF Global’s Corporate Governance Lesson” Michael Peregrine stated that “compliance officer is the equivalent of a “protected class” for governance purposes, and the sooner leadership gets that, the better.”

Particularly in the post Sarbanes-Oxley world, a company’s CCO is a “linchpin in organizational efforts to comply with applicable law.” When a company fires (or asks him to resign), it is a significant decision for all involved in corporate governance and should not be solely done at the discretion of the Chief Executive Officer (CEO) alone.

Both the DOJ minimum best practices and the amendment to the US Sentencing Guidelines, giving the CCO direct access to a company’s Board of Directors, would seem to provide the profile that would mandate that a Board wants to know the reason why a CCO (or Chief Risk Officer) would suddenly resign, particularly after he “repeated clashed” with a CEO over compliance issues.

The universal corporate blanket “resigned to pursue other opportunities” is a white-wash that a Board should look beyond, if indeed that reason was given to the MF Board. The bottom line is that when a CCO leaves, particularly if it was due to a clash with the CEO, the Board had better take a close look into the reasons as it may be that the CEO wants to take risks which could put the company at grave risk.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.